Chapter 7 


Record Keeping in the 
Medical-Care Relationship 


Americans made an estimated one billion, 56 million visits to 
physicians during 1975, an average of 5.1 visits for each person in the 
country. Approximately 720 million of these visits occurred in physicians’ 
private offices, while another 136 million took place in the clinics and 
emergency rooms of hospitals. Inpatient admissions accounted for a large 
percentage of the remainder.1 In addition, in 1974, more than a million 
individuals, approximately five percent of the U.S. population aged 65 and 
over, resided in nursing homes.2 Each of these contacts with a medical-care 
provider generated a new medical record,3 or added information to an 
already existing record. Considering that the recommended minimum 
retention period for a medical record today is 10 to 25 years,4 these numbers 
seem staggering. Yet, even more staggering is the realization of how many 
people besides the medical-care providers5 who create a medical record 
have access to it at the same time that the patient himself is by and large 
denied access to it. 

Indeed, the way in which medical records are created and used has 
undergone radical change in the last 50 years,6 a change that is both a result 
and a cause of significant alterations in the character of the medical-care 


1 1975 data conveyed to staff of the Privacy Protection Study Commission by staff at the 
National Center for Health Statistics. 

2 National Center for Health Statistics, Health: United States 1975, (Rockville, Maryland: 
Department of Health, Education, and Welfare, 1975), p. 3. 

3 Section 5(c)(2)(A) of the Privacy Act of 1974 authorized the Commission to include 
“medical records” in its examination of governmental and private-sector record-keeping 
policies and practices. 

4 Testimony of the American Hospital Association, Medical Records, Hearings before the 
Privacy Protection Study Commission, June 10, 1976, p. 83 (hereinafter cited as “Medical 
Records Hearings”). 

5 The term medical-care provider has been used throughout the chapter to refer to both 
medical professionals and medical-care institutions. For the Commission’s purposes the term 
medical professional refers to any person licensed or certified to provide medical services to 
individuals, including, but not limited to, a physician, dentist, nurse, optometrist, physical or 
occupational therapist, psychiatric social worker, clinical dietitian or clinical psychologist. The 
term medical-care institution means any facility or institution that is licensed to provide 
medical-care services to individuals, including, but not limited to, hospitals, skilled nursing 
facilities, home-health agencies, clinics, rehabilitation agencies, and public-health agencies or 
health-maintenance organizations (HMOs). 

6 In a survey conducted in 1918, the American College of Surgeons discovered that only 89 







278 PERSONAL PRIVACY IN AN INFORMATION SOCIETY 


relationship itself. This chapter explores the nature of the transformation 
and its implications for the protection of personal privacy. 

The first section briefly identifies the keepers and users of medical 
records and medical-record information.7 The second section shows why 
medical record-keeping practices are making the medical-care relationship 
progressively more fragile, underscoring the need for better statutory and 
regulatory protections. The third section contains general and specific 
recommendations that seek a proper balance among the various interests 
that come to focus in the medical-care relationship today. 


KEEPERS AND USERS OF MEDICAL RECORDS 


In the early part of this century, physicians, most of them practicing 
alone, delivered 85 percent of all medical services in the country. Today less 
than five percent of the providers of medical-care services are physicians.8 It 
has been estimated that in most hospitals today only a third of a patient’s 
hospital medical record is created by the attending physician.9 In addition, 
there have been major changes in the way medical care is paid for, and these 
changes, together with corollary efforts to monitor and improve the quality 
of medical care, have had and continue to have profound effects both on the 
flow of medical-record information and on the way medical records are 
maintained. 

Private health-insurance coverage has risen steadily over the last 25 
years. In 1950, third-party payment covered about a third of personal health 
expenses; in 1975, two-thirds, including almost 90 percent of hospital 
expenses and 61 percent of physicians’ services, was covered.10 So many of 


out of 5,323 hospitals registered in the U.S. by the American Medical Association kept 
“. . .accurate and complete case records. . .written for all patients and filed in an accessible 
manner.” Edna K. Huffman, Medical Record Management, (Berwyn, Ill: Physicians Record 
Co., 1972), p. 21. 
7 For the purposes of this study, the Commission has defined a medical record as a record, file, 
document, or other written material relating to an individual’s medical history, diagnosis, 
condition, treatment or evaluation which is created or maintained by a medical-care provider. 
Conversely, the term medical-record information is used here to refer to information obtained 
from a medical record or from the individual patient, his spouse, parent, or guardian, for the 
purpose of making a non-medical decision about him. The circumstances in which medical- 
record information is gathered, maintained, and used to make non-medical decisions are 
summarized in this chapter, but details will be found in the chapters on insurance, employment, 
public assistance and social services, and research and statistics. The Commission’s detailed 
recommendations regarding medical-record information held by such third-party users will also 
be found in those chapters. As in all other aspects of the Commission’s inquiry, the attention 
here is to medical records and medical-record information collected, maintained, used, and 
disseminated in individually identifiable form. 
8 Alfred M. Freedman, “Protection of Sensitive Medical Data,” Patient Centered Health 
woe pa A. Jenkin, ed.; (Minneapolis, Minnesota: Society for Computer Medicine, 
» p. 3. 

9 Testimony of the American Hospital Association, Medical Records Hearings, June 10, 
1976, p. 84. 

10 National Center for Health Statistics, op. cit., p. 3. 




these payments are now made under group policies that employers either 
administer or finance, or both,11 that employers have begun to rival 
insurance companies as major keepers and users of medical-record 
information. Tax revenues also cover an increasing share of the nation’s 
health-care bill. In 1974 Medicare and Medicaid together accounted for 
three-fifths of the total government expenditure for medical services, with 71 
percent and 37 percent of their funds, respectively, going for services 
provided by hospitals.12 

The magnitude of these public and private expenditures has focused 
attention on controlling the cost and monitoring the quality of medical 
services, with the medical record becoming the primary instrument for cost 
control and quality assessment. Today, third-party payers not only want to 
know whether services billed to them are wholly or partially covered, but 
also whether they were consistent with the medical problem stated on the 
claim form, or indeed have been performed at all. To answer those questions 
in any particular instance the third-party payer may need copies of the 
entire record when only a particular episode of treatment is at issue. In 1972, 
the Congress in P.L. 92-603 authorized the formation of Professional 
Standards Review Organizations (PSROs) to monitor the appropriateness, 
quality, and outcome of the services provided to beneficiaries of the 
Medicare, Medicaid, and Maternal and Child Health Programs. The 
professional review mandated by the PSRO legislation depends upon 
information in the medical record being precisely documented, and in 
standardized form so that it can readily be retrieved. Since the program is 
not yet fully operational, its effectiveness cannot yet be evaluated, but if the 
PSRO program succeeds in controlling medical-care costs, private-sector 
third-party payers will undoubtedly develop similar programs or use the 
PSRO. The Congress, too, is watching PSRO performance with an eye to its 
implications for proposed legislation to create a universal health insurance 
program, covering all aspects of medical care. 

It must be understood, of course, that these impositions on the 
presumed confidentiality of the physician-patient relationship are not 
without precedent. Mandatory filing of birth and death certificates is a form 
of intrusion into the physician-patient relationship that has long been 
accepted as socially justified by the need for population statistics and 
epidemiological research. Today vital statistics records provide a vast data 
resource for many research and statistical activities. When communicable 
diseases were a major cause of death, legislation was enacted requiring that 
medical-care providers report information about individual cases to public- 
health authorities. Many States now also require medical-care providers to 
report cases of cancer and other diseases in which an environmental or 
occupational factor is suspected, and some require reports on drug 
addiction, gunshot wounds, child abuse, and other violence-related injuries. 
The justification for each of these intrusions into the medical-care 





11 Ibid., p. 60. By 1970 employers were paying all of the group-health premiums for 39 percent 
of the families covered by such plans, and at least partially paying the premiums for 53 percent 
e. 
12 Ibid., p. 2. 




relationship is that society’s need for information outweighs the individual’s 
claim to personal privacy in that particular case. 

Through expenditures in support of medical research, both government 
and the private sector indirectly contribute to third-party intrusions 
into the medical-care relationship. As Chapter 15 points out, government 
funding supports most of the organized research and statistical activities in 
this country and medical research accounts for a high proportion of the 
research expenditures of government and many of the large private 
foundations. Federal rules governing the funding of medical research 
require the informed consent of the individuals who participate in it as 
research subjects, but do not require their consent when medical records are 
reviewed and abstracted for retrospective epidemiological research studies. 

Epidemiological research was originally concerned with the cause and 
prevention of infectious diseases,13 but during the last two decades the focus 
of the discipline has expanded to include the chronic, noninfectious 
diseases, such as emphysema and cancer, which have emerged as primary 
causes of illness and death in this country. Because these conditions 
typically cluster in time and place at a rather low level of intensity; because 
their progression may be slow; and because their causes are frequently 
insidious, studying them often requires medical surveillance of a substantial 
population at widely disparate points in time. For example, an epidemiologist 
who wants to know whether a particular chemical employed in certain 
industrial processes was causally associated with bladder cancer might well 
be required to survey a large number of employees who have been exposed 
to the chemical at five-year intervals for at least 20 years. Such a task, 
however, would be impractical, if not impossible, without recourse to the 
medical records of the population being studied. 

There are few statistics indicating the number of requests for medical- 
record information that are not directly related to the delivery of medical 
care, but testimony before the Commission suggests that the number is high. 
For example, the director of the medical record department at a 600-bed 
university teaching hospital testified that he receives an estimated 2700 
requests for medical-record information each month, some 34 percent of 
them from third-party payers, 37 percent from other physicians, eight 
percent in the form of subpoenas and 21 percent from other hospitals, 
attorneys, and miscellaneous sources.14 The attorney for a large and well 
known medical clinic testified that the clinic receives an estimated 300,000 
requests for medical-record information a year, some 88 percent of them 
patient-initiated requests relating to claims for reimbursement by health 
insurers.15 Representatives of a California photocopying firm told the 
Commission that in 1975, their firm photostated 365,000 medical records for 
the State disability insurance program. This same firm, which acquires 
medical-record information pursuant to patient authorization for use 


13 Epidemiology is the medical science responsible for investigating the impact of both man’s 
genetic endowment and his environment on his physical health. 

14 Testimony of Andrew Bailey, Director, Medical Record Department, Stanford University 
Hospital, Medical Records Hearings, June 10, 1976, p. 98. 

15 Written statement of Mayo Clinic, Medical Records Hearings, August 25, 1976. 




primarily by lawyers and insurers, has amassed a microfilm library of 
approximately 780,000 records.16 
The results of a 1970 survey of requests directed to the offices of 
California psychiatrists are equally revealing. Of the 346 respondents, 89 
percent reported that they had been asked for medical-record information 
by insurance companies, 56 percent by schools, and 49 percent by 
employers.17 
These figures give some idea of how heavily a variety of institutions in 
our society have come to depend upon the information in medical records in 
order to perform their basic functions. They also suggest that medical- 
record information is now the key to many societal gatekeeping functions.18 
This is clearly revealed when the individual with venereal disease is denied a 
marriage license; when the person with heart disease is denied life 
insurance; when the epileptic is denied employment; or when a convicted 
felon is sent to a mental hospital instead of to prison. There are, however, 
many less dramatic and thus less visible examples. Chapter 6, on record 
keeping in the employer-employee relationship, describes some of the ways 
in which medical-record information figures in assignment and promotion 
decisions. The chapter on public assistance and social services takes special 
note of how medical-record information influences eligibility determinations. 
An incident recounted later in this chapter illustrates that much harm 
can come to an individual when medical-record information being used for 
research is casually disclosed to another. Indeed, as Westin has observed: 


. . . the outward flow of medical data. . . has enormous impact on 
people’s lives. It affects decisions on whether they are hired or fired; 
whether they can secure business licenses and life insurance; 
whether they are permitted to drive cars; whether they are placed 
under police surveillance or labelled a security risk; or even whether 
they can get nominated for and elected to political office.19 


The Commission agrees that the secondary use of medical records 
“raises the sharpest clash between society’s interest in protecting medical 
confidentiality and its interest in a wide variety of other important functions 
. . .”20 Yet this clash is not easy to resolve or even mitigate. From a privacy 
protection point of view, however, the confidentiality of the medical-care 
relationship has been seriously eroded and clearly needs to be restored. 
Simply blocking third-party access to medical-record information is not the 
answer. New balances must be struck, recognizing not only that existing law 
and public policy on the subject are inadequate but also that many of the 





16 Written statement of Micro-Reproduction Services, Inc., Medical Records Hearings, 
August 26, 1976. 

17 Written statement of Maurice Grossman, M.D., Clinical Professor of Psychiatry, Stanford 
University, Medical Records Hearings, June 11, 1976, p. 4. 
18 “Gatekeeping function,” as the term is used in this report, connotes the use of recorded 
information to determine whether individuals should be allowed to enter into different types of 
social, economic, and political relationships, and if so, under what circumstances. 

19 Alan F. Westin, Computers, Health Records, and Citizen’s Rights, (Washington, D.C.: 
United States Department of Commerce, 1976), p. 60. 

20 Ibid., p. 60. 




gatekeeping and credentialling functions that depend on information 
derived from medical records are essential. 


THE FRAGILITY OF THE MEDICAL-CARE RELATIONSHIP 


The physician-patient relationship is an inherently intrusive one in 
that the patient who wants and needs medical care must grant the doctor 
virtually unconstrained discretion to delve into the details of his life and his 
person. As a practical matter, because so much information may be 
necessary for proper diagnosis and treatment, no area of inquiry is excluded. 
In addition to describing the details of his symptoms, the patient may be 
asked to reveal what he eats, how much he drinks or smokes, whether he 
uses drugs, how often he has sexual relations and with whom, whether he is 
depressed or anxious, where and how long he has worked, and perhaps what 
he does for recreation. Moreover, he is expected to submit to as much direct 
observation and recording of what is observed as his condition suggests and 
as the confines of the medical-care setting permit. As the Executive Director 
of the American Medical Record Association observed to the Commission, 
“a complete medical record [today] may contain more intimate details about 
an individual than could be found in any single document.”21 

Like all records, the medical record is in part a memory aid. It serves 
to remind the physician of conditions discovered, drugs prescribed, tests and 
treatments administered, and the charges levied. Earlier in this century, 
when most medical professionals were family physicians in solo practice, the 
typical medical record was simply a small ledger card with entries showing 
the dates of the patient’s visits, the medications prescribed, and the charges. 
The physician was usually able to file the intimate details of a patient's 
medical or emotional condition in the “safe crevices of his mind.”22 In 
contrast, a modern hospital medical record may easily run to a hundred 
pages. The records of a family physician may still hold information on 
ailments and modes of treatment, but also now note the patient’s personal 
habits, social relationships, and the physician’s evaluation of the patient’s 
attitudes and preferences, often in extensive detail. 

A great many factors contributed to this marked transformation in 
medical record-keeping practices. The information needs of third-party 
users have already been mentioned. Other factors include the progress of 
medical knowledge and the professional specialization it has fostered; the 
propensity of the American public to move around, making the medical 
record the principal instrument for assuring continuity of medical care; and 
the increasing use of medical records in judicial proceedings, especially in 


21 Medical Records Hearings, June 10, 1976, p. 137. 
22 Natalie Davis Spingarn, Confidentiality, (Washington, D.C.: American Psychiatric 
Association, 1975), p. 1. See also, Carmault B. Jackson, “Guardian of Medical Data,” Prism 
Vol. 2 (June 1974), pp. 40-41. 




malpractice suits, where the content of a medical record is often the 
physician’s only real defense.23 Today’s physician, in short, must learn more 
and remember more about his patients than his predecessors. To aid 
memory and to meet the demands for precise documentation, he incorporates 
more and more of what he learns about patients in their medical 
records. 
Many argue that the efficacy of the medical-care relationship is 
directly related to the patient’s confidence that the information recorded in 
the course of the relationship will go no further. As one witness told the 
Commission, 


Patients would be reluctant to tell their physicians certain types of 
information which they need to know in order to render appropriate 
care, if patients did not feel that such information would remain 
confidential.24 


This may well be true; certainly it has the ring of common sense. If it is true, 
however, one can only conclude that patients are poorly informed about the 
information flows that often stem from their relationships with medical 
professionals. 

Physicians have recognized their duty to keep information about 
patients to themselves since time immemorial. The following clause of the 
Hippocratic Oath merely acknowledged a principle already rooted in the 
ethos of ancient Greece: 


Whatever, in connection with my professional practice, or not in 
connection with it, I see or hear, in the life of men, which ought not 
to be spoken abroad, I will not divulge, as reckoning that all such 
should be kept secret.25 


Physicians still subscribe to that oath, but in practice modern society 
requires of them frequent and sometimes substantial departures from it. The 
ethical code of the American Medical Association, for example, acknowledges 
that physicians must abandon their duty of confidentiality when 
required by law to disclose information about a patient, and when in the 
physician’s judgment, he must do so in order to protect the welfare of the 
patient or of the community.26 Yet, even these major exceptions do not 
adequately convey the idea of the outward flow of information generated 
within the context of the medical-care relationship today. They take no note, 
for instance, of the breadth of many of the authorization statements patients 
are now routinely asked to sign or of the complex balances that must be 
struck in deciding when the welfare of the community should take 





23 It has been estimated that medical-record information is used as evidence in about three- 
quarters of all civil cases and in about one-quarter of all criminal trials. Harold L. Hirsch, 
aa Records—Medicolegal Implications,” Southern Medicine, Vol. 63, No.4 (August 

)) p. 11. 

24 Testimony of the American Medical Association, Medical Records Hearings, June 10, 
1976, p. 179. 

25 Cited in Robert M. Veatch, et al., The Teaching of Medical Ethics, (New York: Hastings 
Center Publications, 1973), p. 146. 

26 Ibid., pp. 145-46. 




precedence over the welfare of a patient. As a set of ethical precepts, 
moreover, they do not reach beyond the intimate physician-patient 
relationship which in today’s world constitutes only one segment of the 
medical-care relationship. 

In making these observations, the Commission is aware that the 
physician’s ethical duty to protect the records he keeps about his patients is 
also established in law. Nineteen States have regulations, statutes, or case 
law recognizing medical records as confidential and limiting access to 
them.27 In 21 States, a physician’s license may be revoked for willful 
betrayal of professional secrets.28 These statutes, however, do not generally 
apply to medical-care providers other than physicians, and although the 
codes of ethics of most allied health professions reaffirm the principle of 
confidentiality, the codes can impose only a moral, not a legal, obligation. 
Moreover, although a few courts have recognized that a patient has a cause 
of action against the physician who discloses information about him without 
his permission, as Westin notes, there is no reported U.S. case in which a 
physician or hospital had to compensate a patient for an injury resulting 
from breach of confidentiality.29 

More important, the typical statutory prohibition against the disclosure 
of medical-record information by medical professionals is focused on 
protecting the professional, not the patient. It prevents the professional from 
being compelled to testify or to produce records about a patient in court 
proceedings and before grand juries, and in the 43 States that have some 
form of testimonial privilege, the protections have gradually been extended 
from oral communications to records such as medical reports, X-rays, and 
laboratory tests. With this broadening of the privilege has also come an 
increasing number of exceptions to it, justified in large part by the belief that 
the privilege has all too frequently been invoked merely to conceal 
information that would be neither embarrassing to the patient, nor 
counter-therapeutic, nor destructive of the physician-patient relationship if it were 
disclosed.30 


The most important thing to remember about the testimonial privilege 


27 Richard Henry, ed. “A Summary of Freedom of Information and Privacy Laws of the 50 
States,” Access Reports (December 1975), p. 1. 


28 Ann H. Britton, “Rights to Privacy in Medical Records,” The Journal of Legal Medicine, 
Vol. 3, No. 7 (July-August 1975), p. 32. 

29 Westin, op. cit., p. 29. Analysis of the relevant case law also indicates that gaining a 
judgment against a physician for an unauthorized disclosure of medical-record information is 
no mean feat. There are only 16 jurisdictions in the United States that have adjudicated cases 
pertaining to a physician’s liability for the disclosure of confidential information. In these cases, 
a cause of action for unauthorized disclosure has been justified under a number of different 
theories: breach of statutory duty; invasion of privacy; libel; malpractice; breach of trust; and 
breach of contract. (John J. Fargo), “Medical Data Privacy: Automated Interference with 
Contractual Relations,” 25 Buffalo Law Review 493 (August 1976). See also Judith Lenable 
Elder, “Physicians and Surgeons: Civil Liability for a Physician Who Discloses Medical 
Information Obtained Within the Doctor-Patient Relationship in a Nonlitigation Setting,” 28 
Oklahoma Law Review 658-673, No. 3 (Summer, 1975). 

30 In his treatise on evidence, Wigmore argued that the privilege is not justified. Ninety-nine 
percent of the cases in which it has been invoked, he noted, involve personal injury cases where 
the patient voluntarily placed the extent of his injury before the court; actions on life insurance 
policies where the deceased was alleged to have misrepresented his health to the insurer; or 




is that it has virtually nothing to do with normal, everyday use and 
disclosure of records maintained by a medical-care provider. The discretion 
to disclose or not to disclose, in most circumstances, resides solely with the 
provider. The courts by and large uphold that autonomy.31 

It is true that physicians customarily obtain a patient’s authorization 
before revealing information about him to someone who is not in a position 
to compel such disclosure legally, but evidence presented to the Commission 
suggests that this safeguard, too, is weak. As described in Chapters 5 and 8, 
an investigation by a team of television reporters in late 1975 prompted a 
Denver, Colorado, grand jury to look into the local activities of a Chicago 
firm that specialized in obtaining medical-record information on individuals 
without authorization. The firm, then called “Factual Service Bureau” and 
now known as “Inner-facts,” provides a variety of investigative services, but 
its speciality appears to have been the surreptitious acquisition of medical- 
record information from hospitals and physicians. Insurance claims 
investigators and lawyers used this information for a variety of purposes: to 
estimate how much their companies should reserve to cover particular 
claims; to assure that a claimant has not exaggerated the gravity of an illness 
or injury or inflated his lost earning capacity; and to detect other fraud. 
While in many cases they could have obtained the same information 
through normal channels, some claims personnel apparently felt there were 
justifiable reasons for avoiding the normal methods of acquiring it. That a 
firm like Factual Service Bureau could be successful, at least until it came 
under scrutiny by the Denver grand jury, appears to have been due in no 
small measure to the laxity of hospital security measures. 

In June, 1976, the Denver grand jury received permission of the 
Colorado court to issue a special report to the Privacy Protection Study 
Commission. It said in part: 


From the evidence, it is clear that the problem with respect to the 
privacy of medical records in this jurisdiction exists in many other 
cities and jurisdictions across the nation . . . [However,] the grand 
jury believes that there is no one, simple law which can be enacted 
or action taken to prevent future abuses and unlawful activities 
concerning medical records. Rather, what is needed is a combination 
of voluntary self-regulation by institutions, health care providers, 
the insurance industry, and the legal profession. Appropriate 
State and federal laws . . . should be enacted or amended to better 
accomplish the goal of protecting medical records.32 


actions on wills where the deceased’s mental capacity was in question. Thus, in none of these 
instances could one say that the absence of the privilege would have hindered the individuals 
involved from seeking medical care, while in all of them the medical-record information sought 
was necessary to reach a decision. Wigmore, Evidence § 2380a (McNaughton rev. 1961). 
31 For example, in Clark v. Geraci, [208 N.Y.S. 2nd 564 (S. Ct. N.Y. 1960)], an employee, 
seeking an excuse for his absenteeism, asked his physician to provide a general medical excuse. 
In doing so, however, the physician also disclosed that the employee was an alcoholic, thereby 
causing the employee to be dismissed. According to the court, the employee's request for a 
general excuse constituted a waiver by estoppel, authorizing the disclosure for an undistorted 
account of the employee’s condition, including his alcoholism. In another case, Hague v. 
Williams, [181 A.2nd (N.J., 1961)], a court construed an application for life insurance as a 
waiver of confidentiality. In this case, an infant’s pediatrician told an insurance company that 
the child suffered from a congenital heart defect, even though he had never made this condition 
known to the baby’s parents. 


The Factual Service Bureau case points up a serious weakness in the 
protections offered by the authorization procedures used by medical-care 
providers. Nonetheless, it is not the only weakness, or even the most 
important for the majority of individuals on whom medical-care providers 
maintain records. Other Commission witnesses described how the form a 
patient is now routinely asked to sign authorizing the medical-care provider 
to disclose medical-record information about him is often so broadly 
worded that the patient, in effect, signs away all control over what is 
disclosed and what may be done with it thereafter. A noted authority on the 
confidentiality of psychiatric records told the Commission that knowing or 
suspecting that their medical records will be reviewed by outsiders keeps 
many people from seeking treatment for their illnesses, especially when the 
illness is psychiatric in character.33 

An incident that occurred midway in the Commission’s work 
illustrates how intense this concern can be. In 1976, Blue Cross-Blue Shield, 
in cooperation with the National Institute of Mental Health, the Civil 
Service Commission, and the American Psychiatric Association, initiated a 
study to monitor claims and assess the appropriateness of psychiatric 
services provided to members of the Blue Cross-Blue Shield Federal 
Employee Benefit Program. The study required a form containing detailed 
psychiatric information to be submitted along with the standard claim for 
reimbursement under the program. The outcry was immediate. Claimants 
feared that the details of their illness and treatment would find their way 
into Federal personnel files. Phone calls and letters to local public-interest 
groups, to the press, to the Congress, and to the Privacy Commission caused 
Blue Cross-Blue Shield to reconsider the need for some of the most 
objectionable items of information. Bowing to pressure from Congress and 
the threat of a lawsuit, Blue Cross-Blue Shield has since developed a new 
reporting form. Meanwhile, however, some unknown number of Federal 
employees failed to file such claims for fear of losing jobs or security 
clearances. 

One must ask whether such a public outcry would have resulted from a 
request for detailed information about disorders other than psychiatric ones. 
Because of the social stigma attached to mental and nervous disorders in our 
society, even the fact of admission to a psychiatric hospital or disclosure of 
the name of the attending physician in a general hospital can have untoward 
consequences for an individual. 

The former Chairman of the American Psychiatric Association Task 
Force on Confidentiality told the Commission that his colleagues “are all 


32 Written statement of Dale Tooley, District Attorney, Denver, Colorado, Medical Records 
Hearings, June 11, 1976. 

33 Medical Records Hearings, June 11, 1976, p. 374. For examples of injuries suffered by 
patients as a result of breaches of confidentiality, see also, Maurice Grossman, Confidentiality 
and Third Parties, (Washington, D.C.: American Psychiatric Institute, 1975). 




minimizing the amount of information that goes into the chart to protect the 
patient.” The Joint Commission on the Accreditation of Hospitals, in 
recognition of the extraordinary sensitivity of psychiatric records, has 
recommended special procedures for filing, storing, and providing 
authorized access to them.35 

Psychiatric records are not the only concern, however; other medical 
records are also considered to be particularly sensitive. In recent years 
special Federal statutes have been enacted governing the disclosure of 
medical-record information pertaining to alcohol and drug abuse.36 The 
National Center for Health Statistics attributes the unreliability of its data 
on the incidence of venereal disease to physicians’ refusal to make the 
required reports, fearing, for their patients, the social stigma that attaches to 
these conditions.37 Nor does this exhaust the list of examples. Still others 
can be found in the growing literature on medical record-keeping practices 
and problems.38 

Moreover, it is not clear that the nature of a patient’s condition is the 
only factor that arouses anxiety about disclosure and its possible conse- 
quences. Because of the deference paid to expert opinion in our society, a 
physician’s offhand comment or speculation about a patient can be taken as 
an authoritative statement by those making non-medical decisions about the 
patient. A 1974 article in a journal published by the American Medical 
Association describes a case in which a physician’s discharge report to an 
employer contained a statement that the patient might have difficulty with 
money. Although hardly a medical judgment, the remark permanently 
limited the individual’s opportunities to advance in his firm. The co-director 
of a women’s health center in Los Angeles gave the Commission still another 
illustration: 


The woman was hospitalized for an acute infection. While in the 
hospital, she was sent from her own room to the X-ray department, 
some distance away in the hospital. She was given her medical 
records, sealed in a manila envelope, and told to walk over to the X- 
ray department. On her way to X-ray, curiosity got the best of her 
and she opened the envelope to have a look at her condition via the 
medical record. She was astonished to see more information written 





34 Testimony of Jerome S. Beigler, M.D., Chairman, American Psychiatric Association 
Committee on Confidentiality, Insurance Records, Hearings before the Privacy Protection 
Study Committee, May 20, 1976, p. 371. 

35 Joint Commission on the Accreditation of Hospitals, Accreditation Manual for Hospitals, 
1976 ed. (Chicago, Ill.: JCAH, 1976) p. 98. 

36 Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment, and Rehabilitation 
Act of 1970, as amended by P.L. 93-282, and the Drug Abuse Office and Treatment Act of 
1972, as amended by P.L. 93-282. 

37 National Center for Health Statistics, op. cit., p. 257. 

38 Westin’s 1976 study, previously cited, is the most recent contribution to the medical 
record-keeping literature on practices and problems. 

39 Ralph Crawshaw, “Gossip Wears a Thousand Masks,” Prism, Vol. 2, No. 6 (June 1974), 
pp. 45-47. 


in her record about the appearance of the friends who came to visit 
her in the hospital than about her medical condition.40 


Whether such information had been or would be disclosed outside the 
hospital was not clear. Yet, the fact that it was in the record, the fact that it 
could have been disclosed, and the fact that the patient would normally 
have no way of knowing it was there, suggest why the medical-care 
relationship can be an extremely fragile one today. 

One tends to forget that a patient usually has no way of knowing what 
is in a medical record about him, no way of controlling the accuracy or 
pertinence of the information it contains, and by and large no alternative 
but to allow others to have access to it when they ask permission to do so. As 
indicated earlier, consent to the disclosure of medical-record information 
about oneself is rarely voluntary. Usually the choice is between signing an 
authorization statement and foregoing a job or some indispensable service 
or benefit.41 Under such circumstances an authorization can serve as a 
means of controlling the disclosure of information about oneself but never 
as a means of giving voluntary consent, and it can only serve as a means of 
control if the patient knows what it is he is authorizing to be disclosed. He 
rarely does, however. Just as custom prescribes an ethical duty of 
confidentiality for the medical-care provider, so also custom prescribes that 
the patient shall know nothing that is in the medical record except to the 
extent that the maker of the record chooses to tell him. 

There is, of course, little consensus among medical professionals as to 
whether a patient should be allowed to learn the contents of his medical 
record and less as to whether he should be able to see and copy it. Forceful 
arguments for and against were presented in testimony before the Commission. 
The fears expressed by private-sector physicians and medical-care 
institutions were not unlike those of their Federal counterparts before the 
Privacy Act went into effect—fears which, by and large, have not been 
supported by experience. For example, one of the most commonly cited 
arguments in opposition to patient access is that it will lead to tremendous 
numbers of requests for records and thus greatly increase administrative 
costs while taking clerical and professional time to search for, prepare, and 
review records. Yet this has not been the case. A representative of the Health 
Services Administration of the Public Health Service testified that out of a 
total estimated patient population of five million, requests for records by 








40 Testimony of Feminist Women’s Health Center, Medical Records Hearings, June 11, 1976, 
p. 323. 

41 In testimony before the Privac 
described an experiment she conducted 







patients from the Bureau of Medical Services and the Indian Health Service 
have so far numbered around 3,000.42 The Deputy Assistant Secretary of 
Defense for Administration provided no data on the numbers of requests for 
access to records but noted that only 20 requests for correction of medical 
records were received in a ten-month period by Department of Defense 
medical facilities.43 The Administrator of St. Elizabeths Hospital, a large 
federally run psychiatric facility in Washington, D.C., estimated the number 
of requests for patient access during the first three months after the Privacy 
Act took effect at about 63.44 

Others argue strongly for allowing an individual to have access to a 
medical record through a licensed physician designated by him, and still 
others express concern that patient access would have a detrimental effect 
on the content of the medical record itself. Nonetheless, the Director of the 
Public Health Service’s Bureau of Medical Services told the Commission 
that the Privacy Act had the positive effect of encouraging physicians to 
record only information useful for patient care.45 

Indeed, in the final analysis, the most persuasive line of reasoning 
favoring access turned on the concept of authorization. So long as it is 
thought acceptable, or even necessary, for an individual’s past or present 
medical condition to be taken into account in making non-medical decisions 
about him, he will be asked to allow others to have access to his medical 
records or at least some of the information in them. As a practical matter, 
however, his authorization allowing such access by a third party will be 
meaningless so long as he does not know, and cannot find out, what is in the 
records. Both theoretically and practically, authorization is a meaningless 
procedure unless the individual knows what he is authorizing to be 
disclosed. 

Finally, although much of the preceding discussion is focused on 
paper records, it is important to recognize that significant changes are 
occurring, both in the way information is organized in medical records, and 
in the way medical records are stored and retrieved. The “problem-oriented 
medical record” is perhaps the most important and widely accepted of 
recent attempts to standardize medical-record format. It allows all medical 
professionals involved in an individual’s care to enter data and record 
observations on the same forms in the same manner. The problem-oriented 
format is adaptable to all medical-care settings from the physician’s private 
office to the long-term chronic disease facility. More important, its 
standardized format lends itself easily to computerization and it was, in fact, 
initially developed with that purpose in mind. 

Computerization of medical records in contrast to medical-record 
information is not a common phenomenon today. As hospitals and other 
larger medical facilities acquire and use computers for business office 


42 Written statement of the Health Services Administration, Public Health Service, DHEW, 
Medical Records Hearings, July 20, 1976. 
43 Testimony of the Department of Defense, Medical Records Hearings, July 21, 1976. 
44 Submission of the Public Health Service, DHEW, Medical Records Hearings, June 10, 
1976. 
45 Testimony of the Health Services Administration, Public Health Service, DHEW, Medical 
Records Hearings, July 20, 1976, p. 125. 




functions, however, a move toward computerization of the medical record 
itself becomes almost inevitable. A survey of some 6,000 hospitals 
conducted by the American Hospital Association in 1975 indicated that 
approximately 1,500 had in-house computers,46 and the number undoubted- 
ly has increased in the last two years with the advent of mini-computers and 
the growing experimentation with hospital information systems. Moreover, 
as Westin has pointed out in a study conducted for the National Bureau of 
Standards,47 the flow of medical-record information between hospitals and 
third-party payers is already heavily automated and likely to become more 
so. 


While this study showed that computerization has not yet led to 
greater collection of information or wider sharing of confidential records 
than heretofore prevailed in medical practice, it concluded that the creation 
of large automated information systems poses new problems and opportuni- 
ties from a privacy protection viewpoint. The problems are centered around 
the need to spell out the rules under which personnel within a medical-care 
institution shall have access to all or part of an automated medical record 
and the necessary levels of physical security for automated records 
containing especially sensitive information (such as psychiatric records). 
The opportunities arise from the fact that an automated record can be 
adapted to a need-to-know policy more easily than a manual record. 

These two trends—changing conceptions of the medical record and 
increasing automation—are important forces behind the Commission’s 
conviction that now is the proper time to establish privacy protection 
safeguards for medical records that will enhance the integrity, and thus the 
efficacy, of the medical-care relationship. 


RECOMMENDATIONS 


The Commission’s inquiry into the creation, maintenance, use, and 
disclosure of medical records and medical-record information led it to six 
basic conclusions. 

First, medical records now contain more information and are now 
available to more users than ever before. 

Second, the control medical-care providers once exercised over 
information in medical records has been greatly diluted as a consequence of 
specialization within the medical profession, population mobility, third- 
party demands for medical-record information, and the increasing incidence 
of malpractice suits. 

Third, the comparative insulation of medical records from collateral 
uses, normal even a decade ago, cannot be entirely restored. Indeed, it 
appears that the importance of medical-record information to those outside 
of the medical-care relationship, and their demands for access to it, will 
continue to grow. Moreover, owing to the rising demand for access by third 
parties, coupled with the expense of limiting disclosure to that which is 
specifically requested by the non-medical user, there appears to be no 





46 Marcia Opp, “The Confidentiality Dilemma,” Modern Health Care, (May 1975), p. 52. 
47 Westin, op. cit. 


natural limit to the potential uses of medical-record information for 
purposes quite different from those for which it was originally collected. 

Fourth, as third parties press their demands for access to medical- 
record information, the concept of consent to its disclosure, freely given by 
the individual to whom the information pertains, has less and less meaning. 
When an individual must choose between signing an authorization form and 
foregoing employment or insurance or public assistance, one cannot 
realistically speak of his signing voluntarily. This is not to say that 
authorization procedures are useless; to the contrary, they are essential 
instruments of control over the content and subsequent use of what is 
disclosed. In many situations, however, they should no longer be construed 
as evidence of consent freely given. 

Fifth, although the content of a medical record is becoming harder to 
control at the same time that the number and kind of decisions in which it 
figures is growing, it is still rare for an individual to be allowed to see, much 
less copy, a medical record pertaining to himself or to check the accuracy, 
timeliness, or completeness of the information it contains. 

Sixth, there are steps that can and should be taken: (a) to improve the 
accuracy, timeliness, and completeness of the information in a medical 
record; (b) to enhance the individual patient’s awareness of the content and 
uses of a medical record about himself; and (c) to control not only the 
amount and type of information that is disclosed to other types of users, but 
also the conditions under which such disclosures are made. 

The recommendations presented below are the Commission’s answer 
to a balanced delineation of these steps. As with the Commission’s other 
recommendations, they have three objectives: (1) to minimize intrusiveness; 
(2) to maximize fairness; and (3) to create a legitimate, enforceable 
expectation of confidentiality. Unlike the Commission’s other recommenda- 
tions, however, the recommendations set forth below are expected to have 
their greatest influence outside the medical-care relationship. For example, 
the Commission’s recommendations are not focused on the intrusiveness of 
the medical-care relationship per se, but rather on the intrusiveness that can 
result from others being able to take advantage of the unusual extent of 
divulgence and recording of observations that the medical-care relationship 
entails. Similarly, the Commission’s recommendations for letting the patient 
see, copy, and correct or amend his records are not primarily aimed at the 
consequences of inaccuracies or other deficiencies in the records when used 
by a medical-care provider working within the context of the medical-care 
relationship. 

The Commission has been moved to recommend rights of access and 
correction for the patient in recognition of the harm that can befall him as a 
consequence of inaccurate, obsolete, or incomplete medical-record informa- 
tion being available for use in the context of relationships he has with other 
kinds of record-keeping institutions. While the Commission is aware of the 




argument that giving a patient the right to review, discuss, audit, and obtain 
a copy of his medical record can have therapeutic value,48 it does not 
consider the decision-making uses of medical records within the confines of 
the medical-care relationship to be within its competence. In fact, only in the 
confidentiality area do the Commission's recommendations speak directly 
to the dynamics of the medical-care relationship, but again, only as those 
dynamics are affected by the lack of a legitimate, enforceable expectation of 
confidentiality. 


GENERAL RECOMMENDATIONS 


The Commission considered several ways in which its medical-record 
recommendations might be implemented and enforced. The alternatives 
considered ranged from a wholly voluntary approach to Federal legislation 
which, like the 1974 Drug Abuse and Alcoholism statutes,49 would make 
compliance with the recommendations a requirement attached to the direct 
or indirect receipt of Federal funds. Ultimately, however, the Commission 
settled on an intermediate strategy of giving medical-care institutions the 
responsibility for seeing that the requirements are met as a condition of 
qualifying for Medicare or Medicaid reimbursement. Private practitioners 
would not have to meet these requirements, since under current law they are 
not subject to the qualification standards that apply to medical-care 
institutions. Nonetheless, as it becomes necessary for private practitioners to 
qualify for Federal reimbursement, either through expansion of existing 
regulations, or through other developments looking toward a national health 
insurance scheme, they, too, would be covered by the recommended 
measures. 

The Commission believes that this strategy allows time and opportunity 
for the orderly resolution of differences between the institutionalized 
medical-care relationship and the private practitioner relationship, differ- 
ences that directly affect the content and handling of medical records. 
Moreover, to begin with the institutional relationship is to begin where the 
greatest problems appear to exist at the present time. 

Accordingly, the Commission recommends: 


Recommendation (1): 


That the Congress, through amendment of the Social Security Act, 


48 This argument has been espoused by the staff of the Given Health Care Center in Vermont 
and is supported by a study reported by them in Applying the Problem Oriented Record. One 
hundred people were given their medical records and asked to review and audit the “subjective” 
data in their file. Reportedly, 78 percent of the patients indicated changes in their living, eating, 
and drinking patterns and 97 percent indicated less worry about their health after review of 
their record. Richard E. Bouchard, et al. “The Patient and His Problem-Oriented Record,” 
Applying the Problem-Oriented System, H. Kenneth Walker, J. Willis Hurst, and Mary F. 
Woody, eds. (New York: MEDCOM, 1975). 

49 Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment, and Rehabilitation 
Act of 1970, as amended by P.L. 93-282, and the Drug Abuse Office and Treatment Act of 
1972, as amended by P.L. 93-282. 




authorize the Secretary of Health, Education, and Welfare to 
promulgate regulations requiring: 


(a) that medical-care providers whose services are paid for directly 
or indirectly under Titles XVIII and XIX of the Social Security 
Act develop specific procedures for implementing Commission 
Recommendations (5), (7), (9), (10), (11), (12), (13), and (14); 

(b) that such providers be required to show evidence of compliance 
with these recommendations as a condition of participation in 
the Medicare and Medicaid programs; and 

(c) that all records of surveys of compliance with the procedures 
developed pursuant to the Commission’s recommendations be a 
matter of public record and open to public inspection, provided, 
however, that the names or other identifying particulars of 
patients are deleted prior to public release. 


This recommendation builds on existing regulatory mechanisms and 
current certification and accreditation processes. Subparagraph (c), how- 
ever, goes beyond current practice regarding surveys carried out by the Joint 
Commission on the Accreditation of Hospitals (JCAH). Whereas surveys of 
Federal facilities and of institutions other than JCAH-accredited hospitals 
are open to public inspection under the Federal Freedom of Information 
Act, the results of JCAH surveys of medical-care institutions, by law, are 
not. Thus, unless the law were changed to provide for public inspection of 
those portions of a survey having to do with Title XVIII and Title XIX 
privacy protection requirements, the public would have no knowledge of 
hospital compliance. As repeatedly emphasized throughout this report, 
openness as to information policies and practices and accountability for 
such policies and practices are two of the most important protections for 
personal privacy. Both these protections would be absent if JCAH survey 
reports were allowed to remain secret. 

The need for subparagraph (c) points up the major disadvantage of 
relying exclusively on the existing Title XVIII and Title XIX regulatory 
mechanisms; no actionable rights for individuals will be created as a result. 
Enforcement will depend solely on the effectiveness of certification and 
accreditation procedures, and the ability of individuals, as individuals, to 
induce the Department of Health, Education, and Welfare to investigate 
specific cases and institute sanctions where an institution has failed to 
discharge its responsibilities. In Chapter 9 on the education relationship, the 
deficiencies of this type of approach are described, from the sanctioning 
agency’s point of view as well as from the individual’s. Hence, as a corollary 
to the action it urges on the Congress, the Commission also recommends: 


Recommendation (2): 


That each State enact a statute creating individual rights of access to, 
and correction of, medical records, and an enforceable expectation of 
confidentiality for medical records consistent with Commission 
recommendations in these areas. 




The Commission strongly urges that the National Commission on 
Uniform State Laws, or another body of comparable mission and expertise, 
develop model State statutes that will provide for the individual a right to 
sue for access to a medical record about himself, to correct or amend 
erroneous, misleading, or incomplete information in a medical record, and a 
right to hold a medical-care provider responsible if it can be shown that the 
provider has not exercised reasonable care in protecting the confidentiality 
of the medical records it maintains about him. In addition, the Commission 
would urge that such statutes create a limitation of liability to protect the 
medical-care provider against actions brought for defamation, invasion of 
privacy, or negligence when a medical record or medical-record information 
is released pursuant to the requirements of the statute or to the DHEW 
regulations proposed in Recommendation (1), above. False information 
furnished with malice or willful intent to injure an individual would, of 
course, not be covered by such limitation. 

Recognizing that there will be some medical-care providers that will 
not be subject to Medicare and Medicaid regulations, or, at least for a time, 
to State statutory requirements, the Commission also recommends: 


Recommendation (3): 


That any medical-care provider not subject to either of the Commission’s 
two general recommendations on implementation voluntarily 
establish procedures to comply with the specific recommendations set 
forth below. 


Finally, in light of the evidence presented to the Commission 
concerning the surreptitious acquisition of medical-record information from 
medical-care providers, the Commission recommends: 


Recommendation (4): 


That Federal and State penal codes be amended to make it a criminal 
offense for any individual knowingly to request or obtain medical- 
record information from a medical-care provider under false pretens- 
es or through deception. 


Safeguarding the confidentiality of medical records is properly the 
responsibility of the medical-care provider maintaining them. Yet, as noted 
earlier, at least one firm has specialized in obtaining medical-record 
information through subterfuge and was reported to have been successful in 
more than 90 percent of its attempts.50 Indeed, the breaches of medical-record 
security which have come to the public’s attention in the last few 
years have been dramatic and unsettling. The break-in at the offices of 
Daniel Ellsberg’s psychiatrist, the publicizing of Senator Eagleton’s past 
medical history, and the recent exposure of the theft of information by 
Factual Service Bureau are but three examples of blatant disregard for the 





50 Testimony of Dale Tooley, District Attorney, Denver, Colorado, Medical Records 
Hearings, June 11, 1976, p. 474. 




confidentiality of medical records. Under these circumstances, to place the 
full onus of responsibility for the protection of medical records on the 
medical-care provider seems to the Commission to be unrealistic. Its 
responsibility must be reinforced by sanctions against the deceptive 
acquisition or theft of medical-record information. 


SPECIFIC RECOMMENDATIONS 


Inasmuch as the Commission has no recommendations that bear 
directly on the intrusiveness of the medical-care relationship itself, its first 
set of specific recommendations concerns fairness. The measures recom- 
mended here prescribe procedures for allowing a patient to see, copy, and 
correct or amend a medical record pertaining to himself, and for placing 
limits on the circulation of medical-record information within the immedi- 
ate medical-care setting. Measures are also recommended to reinforce the 
expectation of confidentiality in the medical-care relationship by placing 
limits and conditions on those, other than a medical-care provider, who may 
acquire and use the information contained in a medical record. 


Fairness 


PATIENT ACCESS TO MEDICAL RECORDS 


As noted earlier, one of the issues on which medical-care providers are 
least in agreement is whether a patient should be allowed to see and copy a 
medical record about himself. Nine States currently grant a patient the right 
to inspect and, in some instances, obtain copies of his medical records. 
Colorado clearly has the most liberal statutes in that they apply not only to 
hospital records, but also to records kept by private physicians, psycholo- 
gists, and psychiatrists. The Colorado statutes grant the patient the right to 
obtain a copy of his records for a reasonable fee, without resort to litigation, 
and without the authorization of physicians or hospital officials.51 An 
Oklahoma statute permits the patient to inspect and copy his medical 
records in both the hospital setting and the physician’s office.52 The 
difference between the Oklahoma and Colorado laws lies in the status of 
psychiatric records. Colorado provides for patient access to psychiatric 
records following termination of treatment, while Oklahoma excludes 
psychiatric records altogether. 

Other States recognize a much narrower right of access. Florida law 
gives the patient the right to obtain copies of all reports of his examination 
and treatment, but applies only to records maintained by physicians, with 
no mention of hospital records.53 By contrast, the statutes of Connecticut, 





51 Colo. Rev. Stat. § 25-1-801. 
52 Okla. Stat. Ann. tit. 76, § 19. 
53 Fla. Stat. Ann. § 458.16. 




Indiana, Louisiana, and Massachusetts cover only a hospital record, and 
make no mention of records maintained by physicians.54 Mississippi and 
Tennessee require the patient to show good cause before he can have access 
to his hospital records.55 Ten States (Illinois, Maine, Missouri, Montana, 
Nevada, New Jersey, New Mexico, North Dakota, Utah, and Wisconsin) 
have vaguely worded statutes or regulations56 that allow a patient, relative, 
physician, or attorney access to the patient’s medical records. Of these 10 
states, Nevada and New Mexico apply only to mental-health records. In 
New York, the patient need be shown only enough of the hospital record to 
indicate which physicians have attended him,57 and in Ohio the hospital 
determines how much of the medical record the patient may see.58 In 
Arizona the administrator or attending physician must consent before a 
patient can inspect his hospital records.59 

In several other States legislation is now pending that would create a 
right of access for a patient similar to the one provided by the Privacy Act of 
1974, i.e., a right to see and copy a medical record about oneself except in 
special situations. 


The subsection of the Privacy Act that specifically refers to medical 
records states: 


In order to carry out the provisions of this section, each agency that 
maintains a system of records shall promulgate rules . . . which 
shall . . . establish procedures for the disclosure to an individual, 
upon his request, of his record or information pertaining to him, 
including special procedures, if deemed necessary, for the disclo- 
sure to an individual of medical records, including psychological 
records pertaining to him. [5 U.S.C. 552a(f)(3)] 


The Office of Management and Budget guidelines for implementing the 
Privacy Act quote the legislative history of this provision as follows: 


If in the judgment of the agency, the transmission of medical 
information directly to a requesting individual could have an 
adverse effect upon such individual, the rules which the agency 
promulgates should provide means whereby an individual who 





54 Conn. Gen. Stat. Ann. § 4.104 (1969); Ind. Code Ann. § 34-3-15.5-4; La. Rev. Stat. Ann. § 
44.31 (1951); Mass. Gen. Laws Ann. ch. 111 § 70 (1971). 

55 Miss. Code Ann. § 7146-53 (Supp. 1971); Tenn. Code Ann. § 53-1322. 

56 Ill. Ann. Stat. ch. 51 § 71; Maine: Letter from Robert B. Calkins, Assistant Attorney 
General to the Secretary's Commission on Medical Malpractice, June 19, 1972; Missouri 
Division of Health, Hospital Licensing Law, ch. 197; Montana Board of Health Regulations, 
§31.106; Nev. Rev. Stat. §433.721; N.J. Stat. Ann. §30:4-24.3; N. M. Stat. Ann. §32-2-18; N.D.- 
Rules and Regulations for Hospitals and Related Institutions R. 23-16-8S.1-.3; Utah Code 
Ann. §64-7-50; and Wis. Stat. Ann. §269.57(4). 

57 N.Y. Official Compilation of Codes, Rules and Regulations, §§ 720.20(p)(1971). 

58 Wallace v. University Hospital, 171 Ohio St. 487, 172 N.E.2d 459 (1961). 

59 Arizona Hospital Association Consent Manual, 1969. 


would be adversely affected by receipt of such data may be apprised 
of it in a manner which would not cause such adverse effects.60 


While the Privacy Act recognizes an individual’s undeniable right to 
see and copy a medical record about him maintained by a Federal medical- 
care facility, it clearly allows special procedures where direct access could be 
harmful to him. The guidelines are vague about when special procedures are 
justified and silent about what they may be. Thus, it should not be surprising 
that the special procedures developed by the different agencies are not the 
same. 

The Department of Health, Education, and Welfare has the most 
liberal procedures, providing for indirect access to records through a 
responsible individual, not necessarily a medical professional, designated by 
the patient. The Department of Defense procedure requires that arrange- 
ments be made for release of the record to a physician of the patient’s 
choice. The Veterans Administration takes a middle ground, requiring that 
medical records containing “sensitive information” be “referred to a 
physician or other professional person with the necessary professional 
qualifications to properly interpret and communicate the information 
desired.” The one caveat provided is that the selectee must either meet VA 
professional standards or be licensed in the appropriate professional 
specialty.61 

The Commission’s hearings failed to produce evidence that one 
procedure was more effective than another in protecting patients from any 
adverse consequences that might result from obtaining their medical 
records. Not one witness was able to identify an instance where access to 
records has had an untoward effect on a patient’s medical condition. While 
the Department of Defense special procedure is clearly the most restrictive, 
DOD representatives estimated that the Department had released a record 
to a physician, rather than to the individual directly, in less than one percent 
of the cases where access had been requested. 

The Commission considered a number of proposals for a special 
procedure to be followed when direct access might harm the patient. Some 
of these would stop short of the DHEW procedure allowing release of the 
record to any responsible person the patient may designate, whether the 
designee is a medical professional or not. Others would leave the patient's 
see-and-copy right unrestricted with respect to any information in his 
medical records that had been or might be disclosed for use in making non- 
medical decisions about him, but would prescribe special procedures in 
specified instances (e.g., psychiatric or terminal illness) when there is no 
possibility of such disclosure to third parties. In the end, however, the 
Commission concluded that no solution would be acceptable in the long run 
so long as it risks leaving the ultimate discretion to release or not to release 
in the hands of the patient’s physician. In situations where the keeper of a 
medical record believes that allowing the patient to see and copy it may be 





60 Office of Management and Budget, Privacy Act Guidelines, issued as a supplement to 
Circular A-108, 40 Federal Register, 132, p. 28957. 
61 U.S. Veterans Administration, Manual MP-1, Part II, Chapter 21, Section 6.d. 


injurious to the patient, the Commission concluded that it would be 
reasonable for the record to be given to a responsible person designated by 
the patient, with that person being the ultimate judge of whether the patient 
should have full access to it. In no case, however, should the physician or 
other keeper of the record be able to refuse to disclose the record to the 
designated responsible person, even where it is known in advance that the 
designated person will give the patient full access to it. 
Accordingly, having weighed the evidence before it, and having 
considered the arguments pro and con, the Commission recommends: 


Recommendation (5): 


That upon request, an individual who is the subject of a medical 
record maintained by a medical-care provider, or another responsible 
person designated by the individual, be allowed to have access to that 
medical record, including an opportunity to see and copy it. The 
medical-care provider should be able to charge a reasonable fee (not 
to exceed the amount charged to third parties) for preparing and 
copying the record. 


Although this recommendation stops short of guaranteeing that the 
patient will be allowed to see and copy everything in every medical record 
about him, it leaves the designee the option of giving the patient this 
guarantee. The Commission believes that the measure will encourage 
medical-care providers themselves to release records to patients whenever 
they can possibly do so in good conscience. In some sense, the recommended 
procedure harkens back to the time when family members and friends 
played a much larger role in patient care than they normally do today. In 
any case, it gives most patients a way of finding out what is in their medical 
records, and of knowing what others can learn about them from those 
records. 

This discussion would be incomplete without a word about access to 
medical records by patients who are minors. As noted in Chapter 11 on the 
public assistance and social services relationship, most of the comments 
submitted to the Commission urged that a minor patient be given access to 
medical records concerning treatment he has sought on his own behalf, if 
State law permits him to obtain such treatment without the knowledge or 
consent of his parents. State laws usually deal with this question in 
connection with venereal disease, drug or alcohol abuse, pregnancy, and 
family planning, including abortion. The Commission believes that in these 
instances only the minors (and not their parents or guardians) should be 
given access to such records or portions of records so as not to discourage 
them from seeking necessary treatment. 

The fee provision also raises a minor problem. Recommendation (5) 
would allow the medical-care provider to charge the individual a prepara- 
tion or copying fee consistent with the fees it charges others for such 
services. This could mean anything from $1 to several hundred dollars. 
Obviously, the Commission would not want the right to see and copy a 
medical record to become a prerogative of the well-to-do, and thus urges 
medical-care providers to develop fee schedules flexible enough to match 
the varying financial circumstances of patients. 


PATIENT ACCESS TO MEDICAL-RECORD INFORMATION 


Elsewhere in this report the Commission recommends measures to 
assure an individual’s right of access to a record maintained about him by 
an insurer, self-insurer, or insurance-support organization and further, that 
he be able to obtain on request a copy of all the information that served as 
the basis for an adverse insurance decision about himself. In another 
chapter, the Commission recommends that an employer voluntarily 
establish procedures whereby an individual can gain access to records the 
employer maintains about him. In the chapter on Public Assistance and 
Social Services, the Commission recommends enactment of a Federal 
statute requiring that the States, in turn, enact statutes permitting individu- 
als to have access to records maintained by a public assistance or social 
service agency. 

In all three instances, some of the records to which the individual 
would be given access are, or contain, medical-record information. The 
Commission would prefer that such third-party holders of medical-record 
information not distinguish it from any other information the individual 
asks to see and copy. The Commission recognizes, however, that as a 
practical matter an individual may not always find a medical record or a 
copy of medical-record information informative unless a medical profes- 
sional interprets its technical language for him, and third-party keepers of 
medical-record information may not be able to provide such assistance. 
Thus, with respect to medical-record information, the Commission recom- 
mends: 


Recommendation (6): 


That upon request, an individual who is the subject of medical-record 
information maintained by an organization which is not a medical-care 
provider be allowed to have access to that information either 
directly or through a licensed medical-care professional designated by 
him. 

It must be noted that this recommendation does not fall within the 
primary implementation strategy contained in Recommendations (1), (2), and 
(3) above. In the case of insurance institutions and insurance-support 
organizations, it would become part of the recommended general and 
specific rights of access to records to be established by Federal statute. In 
the private-sector employment situation, it would be implemented voluntari- 
ly by the employer. In the public assistance and social services area, it would 
become a right provided by State statute which, if the Commission’s 
recommendations were followed exactly would have to distinguish between 
the social-services provider who is a medical-care provider—properly 
subject to the requirements of Recommendation (5) —and the social-services 
provider who is not a medical-care provider but who uses medical-record 
information. As to the latter, the statute should guarantee direct access lest it 
retreat from the current practice of allowing an individual to see, before or 
during a hearing, information used to make an adverse eligibility determina- 
tion about him. (See Chapter 11.) 


CORRECTION OF A MEDICAL RECORD 


A main premise of a privacy protection policy is that an individual 
should be able to review the records made by others of information he has 
divulged, or has permitted to be divulged, and to correct any errors or 
amend any inadequacies in them. This premise is no less important for 
medical records than for other types of records, although much of the 
information in a medical record is put there by medical professionals. The 
individual may provide information, but he rarely enters it directly into the 
record; the medical professional normally does that. Thus, even with the 
most conscientious record keeping, there are ample opportunities for errors 
of fact or interpretation to creep into a medical record. 

Within the medical-care relationship itself, such errors can usually be 
corrected before they do any harm. Once information has been disclosed to 
someone outside the relationship, however, not only is correction or 
amendment more difficult but the consequences of errors become increas- 
ingly difficult to avoid or reverse. This becomes a particular danger when, as 
previously noted, offhand comments and speculations which are irrelevant 
to a patient’s medical history, diagnosis, condition, treatment, or evaluation 
are set down in medical records that become available for use in making a 
non-medical decision about him. Furthermore, while it is true that some 
portion of the information in a medical record may be beyond the patient’s 
comprehension, not all of it will be. Accordingly, in recognition of the fact 
that the circulation of erroneous, obsolete, incomplete, or irrelevant 
medical-record information outside the confines of the medical-care 
relationship can bring substantial harm or embarrassment to the individual 
concerned, the Commission recommends: 


Recommendation (7): 


That each medical-care provider have a procedure whereby an 
individual who is the subject of a medical record it maintains can 
request correction or amendment of the record. When the individual 
requests correction or amendment, the medical-care provider must, 
within a reasonable period of time, either: 


(a) make the correction or amendment requested; or 
(b) inform the individual of its refusal to do so, the reason for the 
refusal, and of the procedure, if any, for further review of the 
refusal. 


In addition, if the medical-care provider refuses to correct or amend a 
record in accordance with the individual’s request, the provider must 
permit the individual to file a concise statement of the reasons for the 
disagreement, and in any subsequent disclosure of the disputed 
information include a notation that the information is disputed and 
furnish the statement of disagreement. In any such disclosure, the 
provider may also include a statement of the reasons for not making 
the requested correction or amendment. 


Finally, when a medical-care provider corrects or amends a record 
pursuant to an individual’s request, or accepts a notation of dispute 
and statement of disagreement, it should be required to furnish the 
correction, amendment, or statement of disagreement to any person 
specifically designated by the individual to whom the medical-care 
provider has previously disclosed the inaccurate, incomplete, or 
disputed information. 


The requirement to furnish a correction, amendment, or dispute 
statement to such previous recipients as the individual may designate 
evolves from a concern that medical-record information disclosed to third 
parties be as accurate, complete, and timely as possible. To expect a 
medical-care provider to convey a correction, amendment, or dispute 
statement to all previous recipients of information from a record would 
impose an unreasonable burden on the provider; yet the Commission is 
concerned that some steps be taken to minimize the extent to which 
medical-record information may become a source of unfairness to an 
individual. Therefore, it has recommended that only those specifically 
designated by the individual be furnished with the details of the correction, 
amendment, or statement of disagreement. The Commission believes this 
approach represents a reasonable balance. Moreover, because Recommenda- 
tions (10) and (14) below call for two types of accountings of disclosures 
(notations and retained authorization statements), the Commission would 
expect those accountings also to be available to the individual to help him to 
decide to whom corrections, amendments, or statements of disagreement 
should be sent. 


CORRECTION OF MEDICAL-RECORD INFORMATION 


As with its recommendations on patient access, the Commission also 
debated the correction, amendment, and dispute issues as they relate to 
keepers of medical-record information. The problem is largely one of 
information erroneously or incompletely reported by a medical-care 
provider, or erroneously copied or interpreted for or by the recipient. For 
example, an investigative-reporting firm under contract to an insurer may be 
authorized to acquire information from the physicians and hospitals named 
on an individual’s insurance application. If the investigative firm representa- 
tive makes a mistake in copying information from a medical record, neither 
his firm nor the insurer has any way of knowing it unless and until the error 
precipitates an adverse insurance decision and perhaps not even then. Even 
if the error is detected later, the information may have been disclosed in the 
meantime to other insurers (with the individual’s authorization), or to the 
Medical Information Bureau where it will be retained, and thus constitute a 
potential problem for the individual for many years. 

The Commission recognizes that the number of mistakes of this sort 
can be minimized by having a medical-care professional review and 
interpret records for agents of third parties, or by using photocopying 
techniques. Not all medical records today can be organized to allow easy 
photocopying, however, and at the same time assure that the inquiring third 
party receives only as much information as the individual has authorized it 
to receive. Nor is it always possible to have a professional available when 
records are reviewed by third parties. Thus, in some unknown number of 
cases, either a medical professional will have to prepare special reports for 
the ultimate recipient—in this example, the insurer—or a certain amount of 
hand copying by persons who are not medically trained will unavoidably 
continue. Even when a medical record can be photocopied without revealing 
more information than is meant to be disclosed, there is the danger that the 
third party representative making the copy will overlook portions of the 
record which, if known, would alter the insurer’s decision. 

The simplest solution would, of course, be to allow the individual to 
correct or amend medical-record information where it rests, in the files of 
the recipient-user. Yet the simplest solution is not always the most practical 
one. The insurer (or employer, or whoever the third-party record holder 
happens to be) may elect not to give the individual direct access to 
medical-record information about himself. Recommendation (6), it will be 
remembered, gives the third-party record holder the option62 of disclosing 
medical-record information either to the individual to whom it pertains, or to a 
licensed medical professional whom the individual designates. Hence, there 
may be no way for the third-party holder to cope with a correction or 
amendment request without, in effect, giving up its option to deal with the 
individual through a designated professional. 

Moreover, despite what has been said about the tendency of some 
medical-care providers to record irrelevant information, it must be remem- 
bered that the medical record is a document to which unusual attention is 
given because it is created by persons who have special expertise. If an 
insurer could have confidence in an individual’s own description of his 
medical situation, there would be no need to acquire information in his 
medical records. The insurer, however, cannot assume that the individual is 
either qualified or motivated to give an accurate description. The fact that 
the insurer cannot rely on the individual in this matter is both the reason 
why the insurer seeks to acquire medical-record information and the reason 
why the individual’s claim that the information obtained is erroneous or 
otherwise inadequate cannot be taken at face value. 

It may also happen that the medical-care provider who originally 
provided the contested information can no longer be consulted; for 
example, a physician may have retired, died, or moved out of reach, or the 
provider may simply not be willing to acknowledge that an error was made. 
In such situations, the Commission believes that the third-party holder of 





62 Except in the case of the social-service provider that uses medical-record information to 
make an (adverse) eligibility determination. 


the allegedly inaccurate information should afford the individual a way of 
entering his corrections into the record as long as it also indicated that the 
changes were made without the concurrence of its original source. 
Accordingly, the Commission recommends: 


Recommendation (8): 


That when an individual who is the subject of medical-record 
information maintained by an organization whose relationship to the 
individual is not that of a medical-care provider requests correction or 
amendment of such information, the organization should disclose to 
the individual, or to a medical-care professional designated by him, 
the identity of the medical-care provider who was the source of the 
information; and further, 


That if the medical-care provider who was the source of the 
information agrees that it is inaccurate or incomplete, the organiza- 
tion maintaining it should promptly make the correction or amend- 
ment requested. 


In addition, a procedure should be established whereby an individual 
who is the subject of medical-record information maintained by an 
organization whose relationship to him is not that of a medical-care 
provider, and who believes that the information is incorrect or 
incomplete, would be provided an opportunity to present supplemen- 
tal information, of a limited nature, for inclusion in the organization’s 
record, provided that the source of the supplemental information is 
also included in the record. 


SAFEGUARDS AGAINST UNAUTHORIZED DISCLOSURE 


In other chapters of this report, the Commission considers various 
potential sources of unfairness to the individual when information is being 
used for the purposes for which it was collected. The Commission does not 
believe it necessary to do so here because institutional providers of medical 
care have traditionally given priority to protecting the individual in their 
own uses of patient records.63 The several organizations in the field of 
medical records management are far more competent than the Commission 
to make judgments and recommend rules as to the proper content of a 
medical record, its proper uses, and the types of users to whom it should or 
should not be disclosed within the framework of the medical-care relation- 
ship. Thus, in this chapter, the Commission confines its examination of 
information management within the medical-care relationship to one 


63 According to the Director of the Professional Services Division of the American Medical 
Record Association, the total membership of the Association at the beginning of 1977 was 
approximately 19,500 individuals. It was estimated by the Bureau of Health Manpower of the 
Department of Health, Education, and Welfare in 1974 that there were 53,000 individuals 
employed in the management and administration of medical records, 11,000 of whom were 
working in an administrative capacity. U.S. Department of Health, Education and Welfare, The 
Supply of Health Manpower (Washington, D.C.: DHEW, 1974), p. 144. 

obvious area of concern: the medical-care provider’s role in assuring that 
the patient’s legitimate expectations of confidentiality are not breached as a 
consequence of negligence on the part of medical professionals themselves. 
The dramatic instance, previously cited, of the Factual Service Bureau’s 
unauthorized access to hospital medical records clearly highlights hospital 
internal records management as a problem area, although laxity in hospital 
records-management procedures was only part of the problem in that 
instance. 

Hospital records are routinely available to hospital employees on 
request. Most of these people are medical professionals who need such 
access in order to do their jobs, but not all of them are. Besides the 
physicians, psychologists, nurses, social workers, therapists, and other 
licensed or certified medical professionals and paraprofessionals, there are 
nearly always medical students and other people in training programs 
conducted either by the medical-care institution itself or affiliated with the 
institution. These people, too, have access to medical records for training or 
job-related purposes, as do non-professional employees and voluntary 
workers. In fact, one of the Factual Service Bureau sources was an employee 
in the administrator’s office of a Denver hospital. 

The more people there are who have access to a medical record, the 
more people there are who can be approached by a firm like Factual Service 
Bureau. Since the patient cannot control access to or use of records about 
him within a medical-care institution, it follows that the responsibility for 
protecting the record from such abuse must be assumed by the institution. 

Thus, the Commission recommends: 


Recommendation (9): 


That each medical-care provider be required to take affirmative 
measures to assure that the medical records it maintains are made 
available only to authorized recipients and on a “need-to-know” basis. 


Requiring the patient’s authorization each time an employee of the 
institution needs access to his medical record would be impractical. The 
team approach to treatment demands that the professional staff have ready 
access to patient records. Employees whose functions are purely administrative 
or custodial, however, need access to only some of the information in a 
patient’s record, for example, name, address, and whatever other information 
may be essential for preparing and submitting bills and claims or 
statistical and management reports. These employees do not need, and 
should not have, free access to detailed clinical information about patients. 

The Commission urges accrediting bodies, licensing agencies, and 
professional associations to take the lead in establishing guidelines for 
affirmative measures to protect hospital medical records from unauthorized 
access. Affirmative measures might include routine call-back to verify the 
validity of telephone requests for records, requiring staff members and 
employees who request information or records from the medical-record 
department to identify themselves, prompt dismissal of any employee who 
violates the confidentiality of medical-record information, and a program to 
instruct new employees in the hospital’s confidentiality policies. 


Expectation of Confidentiality 
DISCLOSURE BY MEDICAL-CARE PROVIDERS 


The American Hospital Association (AHA), like the American 
Medical Association (AMA), claims for its membership the right to decide 
when disclosure of a patient’s medical record is necessary to protect the 
individual or the community. According to Hospital Medical Records, an 
AHA publication: 


The medical record . . . is the property of the hospital, therefore, 
the hospital, subject to applicable legal provisions, may restrict the 
removal of the record from the medical-record files or hospital 
premises, determine who may have access to it, and define the kind 
of information that may be taken from it.64 


Although courts have found the disclosure of medical-record informa- 
tion by a physician to be actionable in a number of different cases, they have 
also consistently held that such disclosures are justifiable if they are made 
either in the best interest of the patient or to foster a supervening societal 
interest. An individual can clearly bring suit against a physician and 
probably against any other medical-care professional for disclosing infor- 
mation in a medical record about him without his authorization, but he is 
likely to lose. Indeed, in one case involving the unauthorized disclosure of 
derogatory psychiatric information, a court went so far as to affirm that 


“. . . the responsibility of the doctor to keep confidences may be 
outweighed by a higher duty to give out information even though 
defamatory. . . .”65 


Spokesmen for the medical-care professions argue that their discretion 
in making disclosures of the information in medical records is not a 
significant source of abuse. While the Commission is inclined to agree, the 
individual cannot rely on his expectation of confidentiality in any record- 
keeping relationship unless the restraints on disclosures are known, as the 
Commission argues in Chapter 9. As long as record keepers have complete 
discretion in making disclosures, the individual can have no basis for an 
expectation of confidentiality. Even if all record keepers were equally aware 
of their confidentiality obligation and equally conscientious in discharging 
it, the individual could not tell just what to expect since their perceptions of 
what the obligation entails would not necessarily be the same. Record 
keepers need not be denied all discretion in the matter; if enforceable limits 
are set on their discretion, the individual can build an expectation of 
confidentiality that corresponds with those limits. 

Enforceable limits on voluntary disclosures of confidential informa- 
tion have advantages for the record keeper as well as for the individual. In 





64 American Hospital Association, Hospital Medical Records (Chicago: AHA, 1972), p. 8. 
65 Berry v. Moench, 331 P.2d 814 (Utah 1958). 


fact, without them, both are often hard put to refuse demands for disclosure, 
and virtually helpless when the demand is part of a compulsory process. 

The Commission believes that the medical-care relationship in 
America today is becoming dangerously fragile as the basis for an 
expectation of confidentiality with respect to records generated in that 
relationship is undermined more and more. A legitimate, enforceable 
expectation of confidentiality that will hold up under the revolutionary 
changes now taking place in medical care and medical record-keeping needs 
to be created and the Commission therefore recommends: 


Recommendation (10): 


That each medical-care provider be considered to owe a duty of 
confidentiality to any individual who is the subject of a medical record 
it maintains, and that, therefore, no medical care provider should 
disclose, or be required to disclose, in individually identifiable form, 
any information about any such individual without the individual’s 
explicit authorization, unless the disclosures would be: 


(a) to another medical-care provider who is being consulted in 
connection with the treatment of the individual by the medical- 
care provider; 

(b) to a properly identified recipient pursuant to a showing of 
compelling circumstances affecting the health and safety of an 
individual provided that: 

(i) an accounting of any such disclosure is kept; and 

(ii) the individual who is the subject of the information 
disclosed can find out that the disclosure has been made 
and to whom it has been made; 

(c) for use in conducting a biomedical or epidemiological research 
project, provided that the medical-care provider maintaining the 
medical record: 

(i) determines that such use or disclosure does not violate 
any limitations under which the record or information was 
collected; 

(ii) ascertains that use or disclosure in individually identifiable
form is necessary to accomplish the research or
statistical purpose for which use or disclosure is to be
made;

(iii) determines that the importance of the research or
statistical purpose for which any use or disclosure is to be
made is such as to warrant the risk to the individual from
additional exposure of the record or information contained
therein;

(iv) requires that adequate safeguards to protect the record or
information from unauthorized disclosure be established
and maintained by the user or recipient, including a
program for removal or destruction of identifiers; and

(v) consents in writing before any further use or redisclosure
of the record or information in individually identifiable
form is permitted;

(d) for an audit or evaluation purpose specifically required by law, 
provided that an accounting of such disclosures is kept and the 
individual who is the subject of the information being disclosed 
can find out that the disclosure has been made and to whom; 

(e) for an audit or evaluation purpose not specifically required by 
law, provided that: 

(i) any further use or redisclosure of the information in 
individually identifiable form is prohibited; 

(ii) adequate safeguards to protect the medical-record infor- 
mation from unauthorized disclosure are established by 
the user or recipient including a program for removal or 
destruction of identifiers; 

(iii) an accounting of such disclosures is kept and the 
individual who is the subject of the information being 
disclosed can find out that the disclosure has been made 
and to whom; 

(f) pursuant to a statute that requires the medical-care provider to 
report specific diagnoses to a public-health authority, and the 
individual is notified of each such disclosure; 

(g) pursuant to a statute that requires the medical-care provider to 
report specified items of information about the individual to a 
law enforcement authority, and the individual is notified of each 
such disclosure; 

(h) limited to location and status information (such as room 
number, dates of hospitalization, and general condition) provid- 
ed that: 

(i) the patient or his authorized representative does not 
object to the disclosure; and

(ii) such disclosure is limited to items specified in the general 
notice to the individual called for in Recommendation 
(12); or 

(i) pursuant to a lawful judicial summons or subpoena consistent 
with the recommendations of the Commission on government 
access. 


The recommended duty of confidentiality would be established in the 
first instance through regulations promulgated by the Department of 
Health, Education and Welfare. To make the duty fully effective, however, 
it should be adopted by statutory enactment in each of the 50 States. If this 
is not done the individual patient will be dependent on the medical-care 
provider to protect him against compulsory process and other demands for 
his medical records or he will have to rely on the Department of Health, 
Education and Welfare to act on his behalf when a provider violates its duty 
of confidentiality to him. 

The Commission recognizes that a duty established by State statute
will not in most cases be effective against any conflicting requirements of
Federal agencies to disclose medical-record information in individually
identifiable form as a condition of participation in a Federal program. Thus,
the final test of society’s desire to create a viable basis for legitimate 
expectations of confidentiality in records about individuals generated in the 
context of the medical-care relationship, as in other contexts examined in 
this report, will be its willingness to adopt the Commission’s recommenda- 
tions on government access set forth in Chapter 9. 


Exceptions to the Duty of Confidentiality 


As noted earlier, it is no longer possible to restore the comparative 
insulation medical records enjoyed even a decade ago. Exceptions allowing 
disclosure without the individual patient’s authorization are necessary here, 
as elsewhere, in order to strike a balance between the individual’s right to 
personal privacy and society’s countervailing needs for information about 
his medical condition. The rationale for each of the exceptions in 
Recommendation (10) is explained below. 


Disclosures to Other Medical-Care Providers 


The first exception the Commission weighed concerns the disclosure of 
medical-record information between medical-care providers. Currently, it is 
by no means routine for a provider referring a patient to another provider to 
ask the patient’s written authorization to disclose the pertinent medical- 
record information about him to the second provider. Inasmuch as the 
second provider is no doubt directly involved in the diagnosis and treatment 
of the patient, the patient’s authorization properly may be assumed. The 
Commission agrees that this is a proper assumption. It does not, however, 
find the assumption proper when information in the medical record of a 
patient is disclosed to a medical-care provider who has not had, or is not 
being consulted in connection with, a therapeutic relationship with the 
patient. In such a case, respect for the patient’s legitimate expectation of 
confidentiality demands that disclosure be made only with the patient's 
written authorization or pursuant to one of the other exceptions in 
Recommendation (10). 


Disclosures to Protect Health or Safety 


Exception (b) of Recommendation (10) recognizes that a medical-care 
provider clearly cannot be bound by a requirement to obtain the patient’s 
authorization before disclosing medical-record information about him if 
such disclosure is necessary to avert or alleviate a serious threat to an 
individual's health or safety. Nonetheless, this exception is only justified by 
a compelling threat to someone’s health or safety; a provider's desire to 
protect individuals’ social or economic welfare or peace of mind is not 
enough. For example, a physician would not ordinarily be permitted to
justify telling a patient’s employer that the patient has cancer, although he
might justify notifying an airline employer that a patient, who is one of its
pilots, is suicidal.




Disclosures to Facilitate Research 


Most medical-care providers routinely give medical professionals 
engaged in clinical or epidemiological research access to their patient 
records along with permission to abstract individually identifiable informa- 
tion and exchange that information with other researchers. Patient authori- 
zation for such access by researchers is not usually sought. Although a 
researcher’s obligation to obtain an individual’s informed consent to 
participate in any study that may expose him to physical or psychological 
harm is widely recognized, the researcher’s obligation to obtain the patient’s
permission to use information in records about him has always seemed less
compelling. For one thing, the practical difficulties are considerable.
Patients are difficult to locate, and if asked for an authorization might 
refuse, thereby skewing the results of the study in unknown ways. Insistence 
on patient authorization would make many important studies impossible. 
The recent search for the cause of the “Legionnaires’ Disease,” for example, 
would have been doomed at the start if the researchers had had to obtain 
authorizations before reviewing medical records. As it was, some victims 
were not traced until months after the event. The diethylstilbestrol (DES) 
follow-up studies described in testimony before the Commission66 are
another example of epidemiological research that could hardly have been 
undertaken had the researchers been required to obtain patients’ authoriza- 
tion prior to reviewing their medical records. 

The research uses of medical records are not, however, without risk. As 
one witness told the Commission: 


. . . a researcher was doing a follow-up study of people who had
been enrolled in a methadone maintenance program... . The 
contractor had the name and address of one particular individual 
who had been enrolled in the program several years previously, and 
the contractor went to the individual’s residence. It was a Saturday 
night and the person was having a party and the contractor said, 
“Hi, I am so-and-so from such-and-such an organization, and we 
are doing a follow-up study of patients who had been enrolled in the 
methadone maintenance program.”67 


Another such incident which came to the Commission’s attention 
involved the recontact of patients who had received treatment at an 
abortion clinic. In both instances the recontacts were unwelcome, resented, 
and extremely embarrassing to the persons contacted. 

Contacting individuals for follow-up information after reviewing their 
medical records poses a unique problem, illustrating the need for some 
minimum conditions on disclosure and use of individually identifiable 
records for research and statistical purposes. Exception (c) of Recommendation
(10) makes the researcher who wants access to this kind of information
accountable to the medical-care provider keeping the records and, through
the provider, to the individuals concerned. Under this recommendation the
researcher who wants access to medical-record information in individually
identifiable form must show that he needs it for a worthwhile purpose; that
access is vital to the fulfillment of that purpose; and that he can and will
protect whatever expectation of confidentiality the patients had when the
information was originally recorded. Recommendation (10)(c) comports with
the Commission’s recommendations in Chapter 15 pertaining to the
disclosure and use of records about individuals for statistical or research
activities funded in whole or in part by the Federal government.

66 Testimony of the American Public Health Association and Mayo Clinic, Medical Records
Hearings, June 10 and 11, 1976, pp. 297 and 567.
67 Testimony of National Institute of Mental Health, Medical Records Hearings, July 20,


Disclosures to Auditors and Evaluators 


Exceptions (d) and (e) recognize that surveyors and reviewers regularly
ask for and get access to medical records for such purposes as certifying the 
accuracy and adequacy of an institution’s financial or administrative 
records; assessing the effectiveness of their medical, administrative, or 
financial management; and assuring their faithfulness to medical, legal, 
financial, and administrative standards. These examinations of records are 
part of the audits, certifications, accreditations, and licensure reviews and 
evaluations conducted by organizations like the Joint Commission on the 
Accreditation of Hospitals, Professional Standards Review Organizations, 
State and local public-health departments, and other government agencies. 
While such activities clearly serve the interests of the public that receives 
and subsidizes medical care, the Commission sees no need for the reports of 
auditors and evaluators to identify any individual patient directly or 
indirectly, nor does the Commission see any reason why the individual 
should be deprived of the knowledge that auditors and evaluators have had 
access to his records, and thus of any recourse in the event he is harmed by 
the disclosures they may make of information about him. Exception (d) 
recognizes that when audits and evaluations are specifically required by law, 
the medical-care provider is in no position to impose conditions on how 
information obtained from the medical records it maintains will be treated. 
In such cases, moreover, any subsequent uses and disclosures would be 
subject to the Commission’s government access recommendations in 
Chapter 9. Exception (e) deals with the situation where the medical-care
provider can set conditions for disclosure and recommends what those
conditions should be.


Disclosures Pursuant to Compulsory Reporting Statutes 


The original purpose of the State statutes that require the reporting of 
specific diagnoses to public health authorities was to help control the spread 
of communicable diseases. Today, however, many States require that in
addition to communicable diseases, cases of cancer and other environmentally
and occupationally related diseases also be reported. Mandatory
reporting of births and deaths is universal and, in addition, some States
require that gunshot and stab wounds, cases of child abuse, and other
violence-related injuries be reported to law enforcement authorities.

While a significant number of States that require the reporting of 
venereal disease restrict, to some degree, the permissible uses and disclo- 
sures of such reports, over half the States provide no statutory protection for 
them.68 One State which has such a reporting statute leaves it up to local
health departments to decide whether such reports shall be open to public
inspection, and another gives citizens the right to examine public records,
including required reports of communicable diseases.69

Amendment of State statutes governing the use and disclosure of 
medical-record information obtained pursuant to public-reporting statutes 
is clearly the best way to prevent the irreparable harm to an individual that 
can result from misuse of such a report. Strengthening confidentiality 
protection would still not preclude the possibility that subsequent contact by 
agents of authorities to whom the information is properly reported will 
startle or embarrass an individual unnecessarily, particularly if the individu- 
al is not aware that a report was made. Thus, exemptions (f) and (g) require 
medical-care providers to notify an individual whenever information about 
him is disclosed pursuant to a public-reporting statute. 


Disclosures to the Public 


Many medical-care institutions that would under no circumstances 
divulge the details of a patient’s diagnosis or treatment are quite comfort- 
able about allowing the fact of admission, or the occurrence of a birth or 
death, to be publicized. It is normal hospital practice to tell anyone who 
inquires whether a patient has been admitted to a hospital and to indicate 
how serious the patient’s current condition is. 

In its Guide for Cooperation with Communications Media, the American 
Hospital Association takes the position that: 


The hospital has the . . . obligation of pointing out to the patient 
that his hospitalization is likely to become known and. . . public 
acknowledgement will usually be in his best interests. . . [to assure] 
that accurate information [about] his condition will come from an 
authorized source.70


The Commission, however, believes that an individual patient’s desire not to 
have his admission and general condition known should be respected. 
Exception (h) provides for limited disclosure of location and status 
information while at the same time giving the individual who objects a way 
of making his wishes known and binding. Limiting what may be disclosed to 
items specified in the notice called for in Recommendation (11) not only gives
an individual a means of deciding whether he wishes to object to any
disclosure at all; it also reassures the individual who, while inclined not to
object, is concerned about what may be disclosed if he takes no preventive
action.

68 Dennis Helfman, et al., “Access to Medical Records,” Appendix: Report of the Secretary’s
Commission on Medical Malpractice (Washington, D.C.: Department of Health, Education, and
Welfare, 1973), p. 181.
69 Mass. Gen. Laws Ann. ch. 111, § 111 (1971); Neb. Rev. Stat. § 84-712 (1966).
70 Cited in Westin, op. cit., p. 77.


Disclosures Pursuant to Compulsory Process 


A hospital or physician must surrender medical records or medical- 
record information when required by proper judicial process unless the 
disclosure is prohibited by statute. A psychiatrist testifying before the 
Commission urged the Commission to recommend a measure to protect 
patient records from indiscriminate court orders and subpoenas. He argued 
that information released pursuant to a court order or subpoena becomes a 
matter of public record; that grounds for issuing a subpoena are not always 
legitimate; and that not only patients but physicians and hospital officials 
are often so intimidated by the threatening documents they do not know 
they have legal rights against them. He recommended that at the very least 
subpoenas should include notification to the individual that he has a right to
contest it, and how to do so.71 

The Commission agrees strongly that an individual whose medical 
records have been subpoenaed should have an opportunity to be heard in
court. It also recognizes that to provide that opportunity, existing Federal 
and State laws will have to be amended. Exception (i) represents the first 
step toward that end. Other steps are proposed in the Commission 
recommendations on government access in Chapter 9. 


THE PRINCIPLE OF LIMITED DISCLOSURE 


Medical professionals look upon the medical record as a tool of 
communication among themselves. It seldom crosses their minds that a 
patient’s record may fall into the hands of someone who is neither trained to 
interpret it nor bound by the professional’s ethics. Moreover, when a 
medical professional discloses information in a patient’s record outside the 
medical community, neither he nor the patient who may grant permission 
for its disclosure can fully anticipate the ways in which the information may 
figure in non-medical decisions made about the patient. 

The Commission, as noted earlier, is neither mandated nor qualified to 
question a medical-care provider’s prerogative of putting into a medical 
record any item of information whose inclusion is professionally defensible. 
If medical-care providers are to maintain that prerogative, however, and if 
others who do not have a medical-care relationship with the individual are
to continue to benefit from the extraordinary degree of divulgence and 
observation the medical-care relationship can entail, it is essential that each 
disclosure of information from a patient’s record, with or without patient 
authorization, be strictly limited to the particular information needed for the 
user’s particular stated purposes. Medical-care providers breach the 
confidential nature of the medical-care relationship whenever they send a
copy of a patient’s entire medical record to an insurer or employer instead of
completing the claims form provided, or abstracting the specific information
requested. Photocopying technology, in general, and portable copying
machines, in particular, make this practice widespread.

71 Written Statement of Maurice Grossman, M.D., Clinical Professor of Psychiatry, Stanford
University, Medical Records Hearings, June 11, 1976, p. 10.

When the patient has authorized disclosures, the authorization 
statement proposed in Recommendation (13) below will encourage the 
medical-care provider to place limits on the amount of information 
disclosed. It has also been suggested that a way to control the flow of 
information into and out of hospitals and physicians’ offices is to develop a 
basic uniform medical record that would make it possible to comply with 
utilization and quality-care review requirements without disclosing an
unnecessary amount of detail. Such a standardized record, however, is a 
long way off. Therefore, given the individual’s inability to be certain that the 
information disclosed is no more and no less than indicated on the 
authorization statement he signs, and given the fact that a certain number of 
disclosures will necessarily take place without his authorization, the 
Commission believes that implicit in the medical-care provider’s duty of 
confidentiality is an affirmative responsibility to limit the disclosure of 
information in a medical record to only that information which is specified 
on the authorization form or required by law. Accordingly, the Commission 
further recommends: 


Recommendation (11): 


That any disclosure of medical-record information by a medical-care 
provider, with or without the authorization of the individual to whom 
it pertains, be limited only to information necessary to accomplish the 
purpose for which the disclosure is made. 


NOTICE OF DISCLOSURES WITHOUT AUTHORIZATION


To relieve apprehension about the disclosures that may be made of 
information in a medical record without the patient’s authorization, as well 
as to inform a patient of the procedures by which he can ascertain whether 
particular disclosures have been made, the Commission recommends: 


Recommendation (12): 


That each medical-care provider be required to notify an individual on 
whom it maintains a medical record of the disclosures that may be 
made of information in the record without the individual’s express
authorization.


This recommendation is comparable to the notice recommendations 
made in other areas the Commission has examined. Ideally, the patient 
should be notified during his first contact with the medical-care provider 
and renotified whenever a new category of disclosures without authorization 
is created. The Harvard Community Health Plan, a health maintenance 
organization, is one medical-care provider that already provides its
members with such a rudimentary form of notice in its service agreement. In
the confidentiality provision of the agreement, the member is informed that 
his medical records will be kept confidential 


. . . except for use incident to bona fide medical research, . . .
education, . . . use reasonably necessary in connection with the 
administration of the agreement [and that] such information will 
not be disclosed without the consent of the member, unless. . . 
required by law.72 


Although this notice is not as specific as the one the Commission 
recommends, it demonstrates that such a notice requirement could be met. 


DISCLOSURES PURSUANT TO AUTHORIZATION 


As indicated in many chapters of this report, each time an individual 
applies for a job, for life or health insurance, for credit, or for financial 
assistance or services from the government, he agrees to relinquish some 
measure of personal privacy in return for the benefit he seeks. This cannot 
be helped, but all too often he is asked to sign away far more of his privacy 
than the situation warrants. Some authorization statements are so broadly 
worded as to require the recipient to “furnish any and all information on 
request.” 

The American Psychiatric Association takes the position that any 
blanket consent for the release of information from a medical record is 
unacceptable, since all consent for the disclosure of medical-record 
information should be “informed consent.”73 Such a standard appears to the 
Commission to be impractical. To speak of informed consent is to 
presuppose that the individual being asked to give it not only knows 
precisely what is being disclosed, but has the option both of refusing to 
divulge information about himself and preventing others from doing so. It 
also assumes that he can predict accurately who shall subsequently have 
access to the information and precisely how it will be used. In other words, 
to have given one’s informed consent to a particular disclosure of 
information about oneself is to have fully understood the costs and benefits 
that will or even might result from such disclosure. Yet the individual who 
authorizes someone to acquire medical-record information about him rarely 
has the option of refusing to do so. Technically, most authorization 
statements are voluntarily signed, but the option of refusing varies inversely 
with the individual’s need for the treatment, job, insurance, or social service 
he is seeking.74 

Recognizing these natural limits of informed consent, the Commission 
recommends an authorization procedure along the lines prescribed in the 
DHEW regulations on the “Confidentiality of Alcohol and Drug Abuse 
Patient Records” [42 C.F.R. 2] as a working model for all authorization
statements presented to and accepted by a medical-care provider. The
Commission recommends:

72 Harvard Community Health Plan, “Group Service A 7 ;
73 American Psychiatric Association, Confidentiality and Third Parties (Washington, D.C.:
74 Testimony of Dr. Catherine E. Rosen, Medical Records Hearings, June 11, 1976.


Recommendation (13): 


That whenever an individual’s authorization is required before a 
medical-care provider may disclose information it collects or main- 
tains about him, the medical-care provider should not accept as valid 
any authorization which is not: 


(a) in writing; 

(b) signed by the individual on a date specified or by someone 
authorized in fact to act in his behalf; 

(c) clear as to the fact that the medical-care provider is among 
those either specifically named or generally designated by the 
individual as being authorized to disclose information about 
him; 

(d) specific as to the nature of the information the individual is 
authorizing to be disclosed; 

(e) specific as to the institutions or other persons to whom the 
individual is authorizing information to be disclosed; 

(f) specific as to the purpose(s) for which the information may be 
used by any of the parties named in (e) both at the time of the 
disclosure and at any time in the future; 

(g) specific as to its expiration date, which should be for a 
reasonable period of time not to exceed one year, except where 
an authorization is presented in connection with a life or non- 
cancellable or guaranteed renewable health insurance policy, in 
which case the expiration date should not exceed two years from 
the date the authorization was signed. 


This type of authorization statement provides assurance that an 
individual will understand what he is allowing to be disclosed, and why, but 
does not require that the voluntariness of his action be verifiable, nor does it 
assume that he can recognize every possible consequence of signing it. The 
medical-care provider should be responsible for having reasonable proce- 
dures to assure that authorizations presented to it satisfy the conditions of 
the recommendation. The medical-care provider should be able to use the 
exercise of such procedures as a defense where it later is claimed that the 
authorization is invalid. Subsection (b) of Recommendation (13) raises a 
small problem when the disclosure of medical-record information is 
authorized by a minor patient. The Commission feels strongly that where 
State law permits minors to obtain treatment for specific conditions without 
the consent of a parent or guardian the presumed confidentiality of the 
resulting medical-care relationship must be protected. Therefore, it would 
urge that in these instances, the minor patient alone be permitted to 
authorize disclosure of such information. 

The exceptions to the one-year rule in subsection (g) take account of
the two-year “contestable period” (see Chapter 5) in life insurance and the
mentioned types of health insurance. It should be noted, however, that the
corresponding recommendation in Chapter 5, Insurance Recommendation
(18), calls for the signature date on the authorization statement to be the
same as the date of the policy, thereby limiting the period of validity to two
years.

To enable the individual to verify the fact that an authorized
disclosure has been made, the Commission further recommends:


Recommendation (14): 


That each time a medical-care provider discloses information about 
an individual pursuant to a valid authorization, it be required to retain 
a copy of the authorization and, for the purpose of Recommendation 
(5) on patient access, treat it as part of the record(s) from which the 
disclosure was made. 


National Health Insurance 


Public and political pressure for a Federal health insurance program 
continues even as this report is issued. The Commission is acutely aware that 
the process of setting a national health insurance program into motion will 
open up unparalleled opportunities to reevaluate medical record-keeping 
policies and practices and hopes its recommendations will assist the public, 
medical-record keepers, and the Congress to that end.

In exploring the possible effects of such a program on existing use and 
disclosure of medical records, the Commission’s staff reviewed 18 national 
health insurance proposals presented to the 94th Congress. These varied 
from the Kennedy-Corman bill (H.R. 21), which proposed a mandatory, 
government-administered program covering the entire population; to the 
AMA-supported Fulton bill (H.R. 6222), which proposed a Medicare-like 
system of private-sector intermediaries to administer premiums and 
reimbursements; to a voluntary, catastrophic health-insurance plan avail- 
able only to individuals whose medical expenses exceed a specified amount 
(H.R. 1373, the so-called “Roe bill”).

Of the 18 bills only five contained specific provisions to protect the 
confidentiality of the records that would be created by the program and 
even these were vague. Most of the five merely specified that all information 
collected and maintained for program purposes must be considered
confidential. While it is too soon to say which, if any, of these various forms 
of national health insurance will be enacted into law, or how soon, the 
Commission sees a clear need to devise specific safeguards to prevent 
unfairness and protect the confidentiality of the medical-care relationship, 
whatever form such a program may take. 

If current private and publicly funded health-insurance programs are 
any indication, a universal health-insurance program will likely involve the 
creation and retention of records beyond the control of the provider with 
whom the individual has a medical-care relationship. Thus, the Commission 
urges that the recommendations in this chapter be adopted and that any
legislation providing for national health insurance include safeguards
covering the acquisition and dissemination of medical records and medical- 
record information. 







